Hi All, 

I'm having some difficulties getting the certificate to work correctly.
I followed the instructions from
http://www.open.com.au/pipermail/radiator/2010-November/016781.html

Windows clients still get prompted with a warning message saying that the
certificate cannot be trusted:

    The server "eduroam.latrobe.edu.au" presented a valid certificate issued
    by "thawte Primary Root CA", but "thawte Primary Root CA" is not configured
    as a valid trust anchor for this profile.


The following is my config file:

EAPTLS_CAFile /etc/radiator/certs/thawte-ssl-ca-bundle.pem
EAPTLS_CertificateChainFile /etc/radiator/certs/eduroam-combined
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certs/eduroam.latrobe.edu.au-rsa.key


thawte-ssl-ca-bundle.pem contains the file from:
https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL_CA_Bundle.pem

eduroam-combined contains:
cat eduroam.crt thawte-ssl-ca-bundle.pem > eduroam-combined


Running eapol_test returns the following error:
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 2 for '/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=2 subject='/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA' err='unable to get local issuer certificate'
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

How should I make this work?

Regards,
Rianto 
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
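
Added example, not part of the original post and not Radiator's own code: one way to inspect what a combined chain file such as eduroam-combined (built with cat as above) actually contains, listing each certificate in file order and how its issuer name relates to the certificate that follows it. The helper names chain_report and make_demo_chain are hypothetical, the demo chain is constructed test data, and the openssl command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# chain_report FILE
# Prints one line per certificate in a PEM bundle, in file order:
#   index <TAB> status <TAB> subject
# Status compares issuer and subject NAMES only (no signature checking):
#   ISSUER-NEXT        issuer name equals the subject of the next certificate
#   SELF-ISSUED        issuer name equals its own subject (typical of a root)
#   ISSUER-NOT-NEXT    the next certificate in the file is not the issuer
#   NO-ISSUER-FOLLOWS  last certificate in the file and not self-issued
chain_report() {
    # crl2pkcs7 + pkcs7 -print_certs prints a subject=/issuer= pair for each
    # certificate, in the order the certificates appear in the file.
    openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '
        BEGIN { n = 0 }
        /^subject=/ { sub(/^subject= */, ""); subj[n] = $0 }
        /^issuer=/  { sub(/^issuer= */, "");  iss[n] = $0; n++ }
        END {
            for (i = 0; i < n; i++) {
                if (iss[i] == subj[i])                       st = "SELF-ISSUED"
                else if (i + 1 < n && iss[i] == subj[i + 1]) st = "ISSUER-NEXT"
                else if (i + 1 < n)                          st = "ISSUER-NOT-NEXT"
                else                                         st = "NO-ISSUER-FOLLOWS"
                printf "%d\t%s\t%s\n", i, st, subj[i]
            }
        }'
}

# make_demo_chain DIR
# Builds a constructed root -> int -> leaf chain in DIR (demo data only).
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    for pair in int:root leaf:int; do
        c=${pair%%:*}; p=${pair##*:}   # certificate name : name of its issuer
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed $c" \
            -keyout "$d/$c.key" -out "$d/$c.csr" 2>/dev/null
        openssl x509 -req -in "$d/$c.csr" -CA "$d/$p.crt" -CAkey "$d/$p.key" \
            -CAcreateserial -days 1 -out "$d/$c.crt" 2>/dev/null
    done
}
```

A bundle whose last line reads NO-ISSUER-FOLLOWS stops below a self-issued certificate, so whoever verifies that chain has to obtain the missing issuer from its own set of trusted CAs.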
